Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Tech support scammers use denial of service bug to hang victims

Process pig keeps eyes glued on fraudsters' phone number.

Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams.

The HTML5 bug allows sites to chew up a mountain of processor capacity, causing browsers to hang.

Scammers deploy the few lines of code needed to trigger the bug, hang browsers and then display a screen that says malware has been detected.

MalwareBytes researcher Jérôme Segura says this trick will often prevent users from opening the Windows task manager or taking other actions, because they believe the fake malware notification.

Segura says "...scammers really want their victims to see the instructions on screen, and in particular the phone number to call to fix their computer."

"This is a clever use of this bug because the computer that visited this site is essentially stuck with the CPU and memory maxed out while the page is not responding.

"All of this is done by using a few lines of code."

description

The offending scam. Image: Jerome Segura.

Segura reported the bug abuse to Google's Safe Browsing team but has yet to hear of a fix.

Your correspondent called the scammer's phone number (+18445073556) as part of The Register's ongoing-but-futile bid to bribe the details of scamming operations from agents, but heard only strange noises.

The most likely target of these scams are millennials, according to Microsoft research last month that found that age group are far more likely to fall hook and sinker for the cons than greybeards.

The denial of service code.

This could be thanks to the proliferation of blue screen of death tech support scams on popular torrent sites like Kick Ass Torrents and The Pirate Bay.

Some security wonks are fighting back. Ivan Kwiatkowski In August permitted a tech support scammer to access his virtual machine and tricked the operator into opening a file that infected their machine with the Locky ransomware, a nice case of the biter being bitten. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like